Explore top 10 tips to secure your open-source projects now. Read More
×
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
The foreman-proxy package provides a RESTful API to manage DNS, DHCP, TFTP,
and Puppet settings, and can be used as part of Foreman.
It was discovered that foreman-proxy, when running in SSL-secured mode, did
not correctly verify SSL client certificates. This could permit any client
with access to the API to make requests and perform actions otherwise
restricted. (CVE-2014-3691)
All foreman-proxy users are advised to upgrade to these updated packages,
which corrects this issue.
https://access.redhat.com/security/cve/CVE-2014-3691 https://access.redhat.com/security/updates/classification#important
Red Hat Enterprise Linux OpenStack Platform 4.0:
Source:
foreman-proxy-1.3.0-7.el6ost.src.rpm
noarch:
foreman-proxy-1.3.0-7.el6ost.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key
Updated foreman-proxy packages that fix one security issue are nowavailable for Red Hat Enterprise Linux OpenStack Platform 4.0.Red Hat Product Security has rated this update as having Important securityimpact. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available from the CVE link in theReferences section.
Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch
1150879 - CVE-2014-3691 foreman-proxy: failure to verify SSL certificates
Get the latest Linux and open source security news straight to your inbox.